Help - Generating a new key pair and CSR for IIS 5.0

Generating a Key Pair and Certificate Signing Request (CSR) for a Microsoft Internet Information Server (IIS) 5.0.

To generate a public and private key pair and CSR for a Microsoft IIS 5 Server:

  1. Key generation process

    • Under 'Administrative Tools', open the 'Internet Services Manager'. Then open up the properties window for the website you wish to request the certificate for. Right-clicking on the particular website will open up its properties.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image001.jpg http://svn.cacert.org/CAcert/HowTo/iistutorial/image002.jpg

  2. Open Directory Security folder

    • In the 'Directory Security' folder click on the 'Server Certificate' button in the 'Secure communications' section. If you have not used this option before the 'Edit' button will not be active.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image003.gif

  3. Select Create a new certificate

    • Now 'Create a new certificate'.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image004.gif

  4. Prepare the request

    • You'll prepare the request now, but you can only submit the request via the online request forms. We do not accept CSRs via email.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image005.gif

  5. Enter a certificate name and select Certificate strength

    • Select 'Bit length'. We advise a key length of 1024 bits.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image006.gif

    • You have now created a public/private key pair. The private key is stored locally on your machine. The public portion is sent to CAcert in the form of a CSR.
    • You will now create a CSR. This information will be displayed on your certificate, and identifies the owner of the key to users. The CSR is only used to request the certificate. The following characters must be excluded from your CSR fields, or your certificate may not work:

      ! @ # $ % ^ * ( ) ~ ? > < & / \

  6. Enter your Organisation Information

    • Enter the Organisation name: this must be the full legal name of the Organisation that is applying for the certificate.
    • The Organisational Unit field is the 'free' field. It is often the department or Server name for reference.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image007.gif

  7. Enter your Common Name

    • The Common Name is the fully qualified host and Domain Name or website address that you will be securing. Both 'www.CAcert.org' and 'secure.CAcert.com' are valid Common Names. IP addresses are usually not used.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image008.gif

  8. Enter the geographical details

    • Your country, state and city.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image009.gif

  9. Choose a filename to save the request to

    • Select an easy-to-locate folder. You'll have to open this file up with Notepad. The CSR must be copied and pasted into our online form. Once the CSR has been submitted, you won't need this CSR any more, as IIS won't reuse an old CSR to generate new certificates.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image010.gif

  10. Confirm your request details

    • Finish up and exit the IIS Certificate Wizard.
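The field rules from steps 5 to 7 (the excluded characters, and a Common Name that is a fully qualified host name rather than an IP address) can be checked before the values are typed into the wizard. The Python below is an added example, not part of the original CAcert page; the field labels, the `check_subject` helper and the sample values are constructed for illustration, and the host name syntax test is an assumption about what counts as fully qualified.

```python
import ipaddress
import re

# Characters the page says must be excluded from CSR fields.
FORBIDDEN = set("!@#$%^*()~?><&/\\")

# Assumed host name syntax: labels of letters, digits and hyphens,
# with no hyphen at the start or end of a label.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_subject(fields):
    """Return a list of problems in the subject fields (empty list means OK)."""
    problems = []
    for name, value in fields.items():
        if not value.strip():
            problems.append(f"{name}: empty")
        bad = sorted(set(value) & FORBIDDEN)
        if bad:
            problems.append(f"{name}: contains excluded character(s) {' '.join(bad)}")

    cn = fields.get("Common Name", "")
    try:
        ipaddress.ip_address(cn)
        problems.append("Common Name: is an IP address, which is usually not used")
    except ValueError:
        labels = cn.split(".")
        if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
            problems.append("Common Name: not a fully qualified host name")
    return problems


# Constructed sample values, not taken from a real request.
GOOD = {
    "Organisation": "Example Widgets Ltd",
    "Organisational Unit": "Web Team",
    "Common Name": "www.example.org",
    "Country": "AU",
    "State": "NSW",
    "City": "Sydney",
}
BAD = dict(GOOD, **{"Organisation": "Example & Sons Ltd", "Common Name": "192.0.2.10"})

if __name__ == "__main__":
    for problem in check_subject(BAD):
        print(problem)
```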

Certificate Installation process for IIS 5.0

After your certificate has been emailed to you, follow this process to install the certificate.

  1. Saving the certificate

    • Copy the contents of the email including the
      -----BEGIN CERTIFICATE-----
      and
      -----END CERTIFICATE-----
      lines. Do not copy any extra line feeds or carriage returns at the beginning or end of the certificate. Save the certificate into a text editor like Notepad. Save the certificate with an extension of .cer and a meaningful name like certificate.cer.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image011b.png

  2. Installation steps

    • Return to the 'Internet Information Services' screen in 'Administrative Tools' under 'Control Panel'. Right-click on 'Default Web Site' and select 'Properties'.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image001.jpg

  3. Select the Directory Security tab

    • Select 'Server Certificate' at the bottom of the tab in the 'Secure communications' section.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image002.jpg

  4. In the 'IIS Certificate Wizard' you should find a 'Pending Certificate Request'.

    • Ensure 'Process the pending request and install the certificate' is selected and click on 'Next'.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image012.gif

  5. Browse to the location you saved the .cer file to in step 1

    • Select the .cer file and click 'Next'.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image013.gif

  6. Ensure that you are processing the correct certificate

    • ...then click 'Next'.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image014.jpg

  7. You will see a confirmation screen.

    • When you have read this information, click 'Finish'.

    http://svn.cacert.org/CAcert/HowTo/iistutorial/image015.gif

And you're done!
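Step 1 of the installation process (copying exactly the BEGIN/END block out of the email, with nothing extra before or after it) is the part most easily done wrong by hand. The Python below is an added example, not part of the original CAcert page; `extract_certificate` and the sample email are constructed for illustration, and the sample body is placeholder bytes rather than a real certificate.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def extract_certificate(email_text):
    """Return the single PEM certificate found in email_text, ready to save as .cer.

    The result starts with the BEGIN line and ends with the END line,
    with no extra line feeds or carriage returns around it.
    """
    text = email_text.replace("\r\n", "\n").replace("\r", "\n")
    blocks = re.findall(re.escape(BEGIN) + r"(.*?)" + re.escape(END), text, re.S)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate block, found {len(blocks)}")

    # Remove all whitespace that the mail client may have inserted.
    body = "".join(blocks[0].split())
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc
    # A certificate is a DER SEQUENCE, so the first byte must be 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data does not look like a DER certificate")

    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([BEGIN, *lines, END])


# Constructed sample: placeholder bytes with a DER SEQUENCE tag, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(96))
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_EMAIL = (
    "Hello,\r\n\r\nyour certificate is below.\r\n\r\n"
    + BEGIN + "\r\n"
    + "\r\n".join(SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64))
    + "\r\n" + END + "\r\n\r\nRegards\r\n"
)

if __name__ == "__main__":
    print(extract_certificate(SAMPLE_EMAIL))
```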

For more information, refer to your server documentation or visit Microsoft Support Online.


HELP/3 (last edited 2015-04-24 10:27:13 by AlesKastner)